Alwin Warringa

**Name of the Vulnerable Software and Affected Versions** MapServer versions prior to 8.4.1 **Description** MapServer, a system for developing web-based GIS applications, contains a flaw in the XML Filter Query directive PropertyName. The PropertyName directive is susceptible to Boolean-based SQL injection due to bypassed expression checking when double quote characters are introduced. This allows manipulation of backend database queries. **Recommendations** Update to MapServer version 8.4.1 or later.

**Name of the Vulnerable Software and Affected Versions** ComfortKey versions prior to 24.1.2 **Description** A Local File Inclusion issue has been found in ComfortKey, allowing an unauthenticated attacker to retrieve sensitive system information. **Recommendations** For versions prior to 24.1.2, update to version 24.1.2 to resolve the issue. As a temporary workaround, consider restricting access to sensitive system files until the update is applied.